-
漏洞信息 (21117)

source: http://www.securityfocus.com/bid/3404/info
Progress is a commercial database for Microsoft Windows and Unix systems.
Locally exploitable buffer overflows are prevalent throughout many Progress Database programs. This is largely due to insufficient bounds checking of data which is externally supplied to strcpy functions.
These problems could be exploited to allow a local attacker to execute arbitrary code on a host with the privileges of each individual affected program.
This situation could be leveraged by the attacker to gain root privileges on the host.
http://www.exploit-db.com/sploits/21117.tar

-
漏洞描述

Progress Database is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted input, a local attacker can potentially excute commands.

-
漏洞讨论

Progress is a commercial database for Microsoft Windows and Unix systems.

Locally exploitable buffer overflows are prevalent throughout many Progress Database programs. This is largely due to insufficient bounds checking of data which is externally supplied to strcpy functions.

These problems could be exploited to allow a local attacker to execute arbitrary code on a host with the privileges of each individual affected program.

This situation could be leveraged by the attacker to gain root privileges on the host.